8892904

Hardware Enforced Security Governing Access to an Operating System

Published: November 18, 2014
Assignee: not available in USPTO data we have

Patent Claims
10 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A device, comprising: a processor; a low privilege environment hosting a login agent module and an operating system login authentication module, the login agent module to cause a prompt to be presented by a user interface in the device, the prompt requesting login information to be entered into the device; a trusted execution environment hosting a secure user authentication module, the secure user authentication module to transmit an encrypted authorization message based on receipt of a signed login success message; a secure policy login module to at least determine a context for the device and to set a login policy for at least one of the login agent or the operating system login authentication module based on the context; and an authentication recovery module to reconfigure user-related security in the device by communicating with a remote resource; wherein the operating system login authentication module is to receive the login information from the login agent module and to transmit the signed login success message to the secure user authentication module based on the login information.

Plain English Translation

A device secures access to its operating system using hardware enforcement. It contains a processor and two separate environments: a low-privilege environment running a login agent module and an OS login authentication module, and a trusted execution environment (TEE) hosting a secure user authentication module (SUAM). The login agent displays a login prompt, and the OS login module receives the entered information. The OS login module then sends a signed "login success" message to the SUAM in the TEE. The SUAM transmits an encrypted authorization message back, based on receiving the signed login success message. A secure policy login module sets a login policy based on device context. An authentication recovery module reconfigures user security through a remote resource.

Claim 2

Original Legal Text

2. The device of claim 1, wherein the secure user authentication module is further to transmit the encrypted authentication message to the operating system login authentication module based on authenticating the signed login success message.

Plain English Translation

Building upon the previous device description, the secure user authentication module (SUAM), residing in the trusted execution environment, authenticates the signed "login success" message received from the operating system login authentication module. After successful authentication, the SUAM then transmits an encrypted authentication message back to the operating system login authentication module. This two-way authentication ensures that the login process is verified by a trusted component before granting access to the device. The SUAM’s authentication of the signed login success message is a prerequisite to sending the encrypted authentication message.

Claim 3

Original Legal Text

3. The device of claim 2, wherein the operating system login authentication module is further to grant access to the device based on receipt and authentication of the encrypted authentication message.

Plain English Translation

Expanding upon the previous device description, the operating system login authentication module, after receiving the encrypted authentication message from the secure user authentication module (SUAM), proceeds to authenticate this encrypted message. Only upon successful authentication of the encrypted message does the operating system login authentication module grant access to the device's operating system. This establishes a robust hardware-enforced security mechanism where access is only granted after multiple authentication steps involving both low-privilege and trusted execution environments. The receipt and authentication of the encrypted message is a prerequisite to granting device access.

Claim 4

Original Legal Text

4. The device of claim 2, wherein the trusted execution environment is further to load the secure user authentication module.

Plain English Translation

In the described device, the trusted execution environment (TEE) plays a crucial role in security by loading and running the secure user authentication module (SUAM). This ensures that the SUAM operates in a secure and isolated environment, protected from tampering or unauthorized access from the operating system or other low-privilege components. By loading the SUAM within the TEE, the device guarantees the integrity and trustworthiness of the authentication process. The TEE is responsible for initializing and managing the SUAM's execution.

Claim 5

Original Legal Text

5. The device of claim 3, further comprising a firmware interface module to convey the signed login success message from the operating system login authentication module to the secure login authentication module and the encrypted authentication message from the secure login authentication module to the operating system login authentication module.

Plain English Translation

The described device incorporates a firmware interface module. This module acts as a secure communication channel, specifically designed to convey the signed "login success" message from the operating system login authentication module to the secure user authentication module (SUAM) residing within the trusted execution environment. Additionally, it facilitates the secure transfer of the encrypted authentication message from the SUAM back to the operating system login authentication module. This dedicated communication path ensures that these critical messages are transmitted securely and reliably, preventing eavesdropping or tampering.

Claim 6

Original Legal Text

6. The device of claim 1, wherein the operating system login authentication module is further to authenticate the login information against known user information from within said trusted execution environment.

Plain English Translation

In the device, the operating system login authentication module not only receives the login information but also authenticates it against known user information. Critically, this authentication process is performed within the trusted execution environment. This prevents malicious software in the main operating system from directly accessing or manipulating the user credentials used for authentication. By authenticating within the TEE, the device protects the sensitive user information from compromise.

Claim 7

Original Legal Text

7. The device of claim 6, wherein the operating system login authentication module is further to use the known user information to secure a private key, the private key being accessible when the login information is authenticated against the known user information.

Plain English Translation

Building on the previous description, the operating system login authentication module utilizes the known user information to further secure a private key. This private key is only accessible when the user-provided login information is successfully authenticated against the stored, known user information. This mechanism ensures that the private key, used for signing the "login success" message, is protected by user authentication. The key only becomes accessible after the user has proven their identity.

Claim 8

Original Legal Text

8. The device of claim 7, wherein the operating system login authentication module is further to generate the signed login success message using the private key.

Plain English Translation

In the described device, the operating system login authentication module uses the previously mentioned private key to generate the signed "login success" message. Because the private key is only accessible after successful user authentication, the signed message provides a cryptographically secure attestation that the user has been verified. This signed message is a crucial component in the device's hardware-enforced security architecture.

Claim 9

Original Legal Text

9. The device of claim 7, wherein the private key is encrypted by said trusted execution environment.

Plain English Translation

As part of the security architecture, the described device ensures that the private key, used for generating the signed "login success" message, is encrypted by the trusted execution environment (TEE). This adds an extra layer of protection to the key, preventing unauthorized access even within the TEE itself. The encryption further reduces the risk of the private key being compromised.

Claim 10

Original Legal Text

10. The device of claim 1, wherein the secure user authentication module is further to cause the device to shut down if a signed login success message is not received, and the secure policy login module is further to set an amount of time for the secure user authentication module to wait for receipt of the signed login success message before causing the device to shut down.

Plain English Translation

In the device, the secure user authentication module (SUAM) monitors for the receipt of a signed "login success" message. If this message is not received within a specified time, the SUAM causes the device to shut down, preventing unauthorized access. The secure policy login module sets the timeout duration for the SUAM's wait period. This mechanism helps to prevent attacks where an attacker attempts to bypass the login process. The time limit is configurable based on the security policy.
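The exchange in claims 1, 2 and 10, seen from the trusted-environment side, as an added example (not code from the patent or from this page's publisher): the module verifies the signed login success message, answers with an encrypted authorization, and reports when the wait limit has passed. Ed25519, AES-GCM, the per-login challenge, the pre-shared channel key and every name below are assumptions, since the claims name no algorithms or message formats.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

var ErrRejected = errors.New("bad signature, keep waiting")
var ErrShutdown = errors.New("wait time expired, shut down") // claim 10

type SUAM struct { // hypothetical TEE-side model; names and message layout are assumptions
	OSPub    ed25519.PublicKey // verifies the OS login module's signature
	AEAD     cipher.AEAD       // channel key shared with the OS login module
	Expect   []byte            // "LOGIN_SUCCESS|" + fresh challenge: the bytes that must be signed
	Deadline time.Time         // wait limit set by the policy module
}

// Handle verifies the signed login success and returns the encrypted authorization.
func (s *SUAM) Handle(sig []byte, now time.Time) ([]byte, error) {
	if now.After(s.Deadline) {
		return nil, ErrShutdown
	}
	if !ed25519.Verify(s.OSPub, s.Expect, sig) {
		return nil, ErrRejected
	}
	iv := make([]byte, s.AEAD.NonceSize())
	rand.Read(iv)
	return s.AEAD.Seal(iv, iv, []byte("AUTHORIZED"), s.Expect), nil
}

func NewDemo() (*SUAM, []byte) { // constructed keys; returns the SUAM and the OS module's signature
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	buf := make([]byte, 48) // 32-byte AES key, then 16-byte challenge
	rand.Read(buf)
	blk, _ := aes.NewCipher(buf[:32])
	gcm, _ := cipher.NewGCM(blk)
	exp := append([]byte("LOGIN_SUCCESS|"), buf[32:]...)
	return &SUAM{pub, gcm, exp, time.Now().Add(30 * time.Second)}, ed25519.Sign(priv, exp)
}

func main() {
	s, sig := NewDemo()
	ct, err := s.Handle(sig, time.Now())
	fmt.Println(len(ct), err)
}
```

Because the challenge is both signed and used as associated data, a signature or authorization captured during one login does not verify in another. The operating system login module would open the returned message with the same channel key and associated data before granting access, as claim 3 describes.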

Patent Metadata

Filing Date

Unknown

Publication Date

November 18, 2014

Inventors

MOJTABA MIRASHRAFI
GYAN PRAKASH
JIPHUN C. SATAPATHY
SAURABH DADU

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “HARDWARE ENFORCED SECURITY GOVERNING ACCESS TO AN OPERATING SYSTEM” (8892904). https://patentable.app/patents/8892904
